Restriction on individual tickets or groups

I would like to see a function whereby you can set limited access to specific tickets and/or groups, so that only selected agents or admins have access to the specific ticket or group

I know there's already a similar function in place, whereby we can restrict access for individual agents, so they only can access only e.g. tickets tickets assigned to them, groups they are part of, etc.

For the majority (99%) of our tickets, we want all agents to have access, however there are some instances where we only want a small number of people to have access to some tickets, due to the sensitive / confidential nature of these.

This means that the already existing function is not feasible for us, and is certainly not scalable. This solution is very similar, but sort of in reverse!

38 Comments

Adding another vote to this as well. We're on Enterprise and have enabled Custom Roles with group restrictions. But it truly doesn't do what we want it to do.

We have a small subset of tickets that agents in groups A, B, and C shouldn't access, but it's helpful if they have access to tickets outside of their groups otherwise. Ex: First response agents get a ticket that references an earlier ticket that ended up in a different group so they need to review the older ticket to check if it's the same issue and should be moved to the different group.

I'd love an addition to Custom Roles where in addition to only view tickets in their group, I could select can access all tickets except in groups X, Y, Z, etc. This would allow me to give them greater visibility but limit from areas they don't need.

Karyn, if you want to restrict tickets access for your agents, the only viable mechanism is to restrict by Group.

If you really need to restrict tickets, consider if it's okay that all your agents only see the tickets in their own group. You will lose the high level overview of the customer, and deal with access / visibility issues when escalating tickets between groups, but that's the trade-off.

There are various 'hacky' solutions based on group based restrictions that includes creating 'umbrella' groups etc, but all of these will mess with your reporting, the built in tickets fields and rules, the quick 'assign to me' links, etc. I really tried it, but had to give up eventually since it became complex and didn't scale, and I really wouldn't recommend it, it's not a fun trip.

I think we need to await until Zendesk recognize the business case here, and implements a distinction between ticket access and ticket groups/assignee.

Also would find this feature to be very useful. We have a few teams that work tickets with sensitive merchant information, which we cannot have any other groups in Zendesk having access to. These teams that work with sensitive information, do however need to be able to see other tickets in the desk. Definitely looking forward to an update.

I have found that I've made decisions to split teams into their own instances of Zendesk because of this scenario. I want an environment where agents can collaborate, but I also need a way to restrict tickets in certain areas so that only certain agents can see tickets.

Thanks so much for sharing your use case with us. I've actually been hearing an increasing number of customers talk about something very similar. Where our current restricted agent functionality locks a particular agent to accessing a subset of tickets, you really need a way to restrict a subset of tickets from most agents. This is something we're talking about and considering internally, though nothing can be called "planned" just yet.

I am in the same situation and am pleasantly surprised to see so many other people asking for the same requirement. It would be great if ZenDesk provided a way for us to restrict the visibility of a very specific set of tickets (say, if a ticket is assigned to an agent in a specific group). As Kristin mentioned above, this is required only for some sensitive tickets (which comprise less than 1% of total volume, but have the highest attention).

It is interesting to see that this request has been lying around for more than 18 months with no solution or workaround from ZenDesk.

Any workarounds here would be great. We receive occasional emails with highly sensitive information in them that cannot be deleted due to legal concerns. Being able to restrict single tickets without having to fully restructure the Group org would be ideal.

Adding another need for this workaround as well! Here's how I explained our situation in a support request:

Instead of limiting an agents ticket access by what's relevant to the agent (group, org, etc.) I'd like to be able to limit access to tickets by what's NOT relevant to the agent.

Example: 3 Agents: A, B, and C. A is assigned to groups 1 & 2, B to 2 & 3, and C to 1, 2, 3, & 4. We need to set up Agent A to be able to access tickets in groups 1,2 (and 3 if needed) but not 4 (in any case). Specifically, the issue here isn't Group 4 tickets, it's Agent A's ability to access tickets in group 3 without actually adding them to that group because they aren't organizationally part of that group.

Here are the top 2 solutions that come to my mind:

1) to set Agent Permissions based on ticket fields not Agent fields(Groups). Or, maybe better,

2) create Ticket Field - Value Permissions, when setting up the ticket field, you can assign Agents or Groups who CAN or CAN'T view tickets with a specific value in a ticket field.

I'm sure that's easier said than done though. I'm hoping there's some kind of solution in the near future!

+1 Adding my vote for this too. We have same scenario with need to restrict access to select tickets (10% of overall volume). Restricting access to tickets with certain groups is ideal, but since we are on Enterprise - even if we could restrict agent role access to certain ticket forms, that would suffice too. Hope to see this access control interface to be brought on new admin framework functionality/interface so we can get more granular with agent access.

+1. This has been a big obstacle for our organization too. It disrupts everything from ticket workflow to account settings. Restricted viewing access for a selected group, or groups, that contain sensitive information would be an extremely useful feature and would reopen options to the features that make Zendesk great but we are currently unable to use.

I too would like to see a group restriction feature like what Kristin described.

I was asked by my managers to create a group for researchers so they can collaborate(as light agents) on only the tickets assigned their group. It was also requested that I restrict their access to the shared views for tickets (ie: New tickets, Open tickets) and restrict access other help center brands outside of their own help center brand. The help center brand for the researchers will not be made public.

It would be great if the settings for a view and a brand had an exclude option by group(s).

Great feedback Kristin. I'm adding my vote, as our use case is essentially the same. It would help us scale our Zendesk to groups which we currently can't put into Zendesk.

Currently, if you simplify a bit, ticket access today is all or nothing. Trying to implement a compromise and it quickly becomes complex situation with lots of overhead admin and side-effects.

There is usually a good business case too, to have as much ticket visibility as it makes sense for your organization. It would be great to have support for this.

Restricting access is also a good practice when it's done just for the purpose of removing excess information, as it could be for automatic orders and other ticket types which may not be relevant to most users to have visible on a user profile. Another good reason why we'd like better support here.

There are lots of cases where multiple groups should have shared visibility, or cooperation becomes troublesome. Like when escalating tickets between teams working in Zendesk.

For us, ticket access is not as simple as based on which team handles the ticket. One team may handle serveral sets of different tickets where some needs to be restricted to certain groups, and others should be visible to many.

In essence, our company's need is to restrict tickets based on content, not simply based on the team currently assigned to the ticket.

Content is not simply text based of course, it's a business decision which involves the type of recipient the ticket was created towards, the channel, etc.

We apply stricted restrictions at ticket creations for some channel, as this is the most sensitive stage in the lifecycle, as the ticket content we get could be unknown, and then we ease up during or after the ticket has been processed, as we determined it's nature.

I'd strongly like ticket access as an independent property in itself, one that can be freely manipulated and which can include as many or as few groups as we'd like. And one that doesn't interfere with reporting, group notifications, assignee fields, and the like, as today.

Adding my plus 1 - there is also the option of 'Role restrictions' in Apps but this is a one size fits all, even upgrading to Enterprise doesn't support our use case:

We have a team that deals with sensitive issues and we want to restrict most agents from seeing those tickets - and to add more complexity some agents aren't assigned to a group which means the 'Tickets in Agents Group' option doesn't help either but they should still be able to access these sensitive tickets. We've also tested changing the Agent setting to 'Tickets in Agents org.' and adding all the required people into those organisations to no avail.

wow we are one of the customers Erin is talking about. We have been really trying to find a way to restrict SOME tickets. as Kristen says, 99% of our tickets need to be seen by all agents or at least most agents. but there is a growing need to restrict access to a select few tickets. We know this could get complicated in terms of programming what to show agents and then also what to show the customers. But please do consider this feature!

Any Progress on this? as a enterprise customer, that have everything from customer care to credit and liability in our Zendesk, we really need to be able to restrict access to some tickets. on a ticket by ticket basis.

Additional ticket visibility options would really be helpful for use with the way we're using Zendesk. The Guide has a way to control article visibility using Tags—a similar option to control which tickets are visible to agents based on Tags would be extremely flexible.

I agree with everyone. Currently it is not just feasible to manage. If we have 50 groups and all users should be bale to see all but one group, then it is a nightmare to setup. It also impacts views as well.

Agree would like to see this added too. Most cases we want open to share and collaborate apart from those times we have to be secure because its sensitive data and we dont want all agents to be able to see that. HR and Payroll are a couple of use cases for us. We are looking to build a second instance to manage this which seems crazy but necessary to get what we need. Also on enterprise and called out to Product teams.